For example, I had one that was so badly hacked they had hijacked the login page which required over taking the wp-admin directory with a custom .htaccess file and some other .php files carefully hidden.

As another example, there was one site that no matter how often you deleted the malware files, they were magically reinstalled with in seconds, and they were everywhere!

Why does this happen?

Usually it has nothing to do with you, your business, or your website. Unless you pissed off your developer!

Hackers just want to take over your hosting and website to redirect search engine traffic to their pharmaceutical sites and porn sites.

In some cases they are also hoping to hijack your SMTP relay server to send massive amounts of spam emails.

Don’t take it personal. Chance are, you were just an easy target.

What makes you an easy target?

Hackers pray on WordPress users…Not because WordPress is a bad application, but because not all users follow good security measures and leave themselves open to attack.

The quickest ways to get hacked…

Outdated Software (WordPress, Plugins, and Themes)

This is the #1 reason you have a hacked WordPress site!

WordPress is a software application. Do you know of any software that doesn’t have updates? Don’t neglect these updates, it is your responsibility as the site owner to manage your WordPress, plugins and theme updates. If you don’t want to do it, find a good developer who can manage them for you!

Have multiple sites? Use a tool like ManageWP to manage them all from one dashboard. WordPress also has an auto update feature that you could enable.

Weak WP Admin User Credentials

If you’re using an easy username and password so that you don’t have to strain yourself to remember it, it’s going to be easy to hack. Use a tool like 1Password to secure your logins and have one click logins to your accounts.

Some things to avoid when setting your user names and passwords.

admin

webmaster

domain name

your name (easily found on published post)

As for passwords I recommend using the Password Generator tool in the profile section.

Cleaning up after hackers :-/

It’s just not possible to write an article that will show you how to clear the malware and redirects from a hacked WordPress site, there are too many different possibilities.

These are a few places you could start:

.htaccess

index.php

bb_press (plugin not to be confused with bbpress)

What I recommend is using a solution like Sucuri’s full service (follow this guide here) or MalCare to not only scan your site for malware but to provide additional firewalls and protections most hosting providers DO NOT provide!

If you’re going to spend the money, get Sucuri or MalCare you’ll have much better results.

Hands off solution for a hacked WordPress site…

Many of my clients depend on me because they’re not tech savvy and don’t know how to manage their sites and/or issues. Others realize that their time is too valuable to waist trying to unhack their website.

Preventative solutions are always the best. We don’t buy Auto Insurance and Health Insurance because we want to get into an accident or be hospitalized, we do it just incase, it’s pease of mind!

The choice is yours, a few dollars now, or hours of your time and life shortening stress later, get started here!